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DETAILED ACTION 

1 : This action is responding to application papers filed 7-9-2007. 

2. Claims 1 - 22 are pending. Claims 3 - 22 are new. Claims 1, 2 have been 
cancelled. Claims 3, 11, 16, 21 are independent. 

Response to Arguments 

3. Applicant's arguments filed 7/9/2007 with respect to claims 1 and 2 have been 
considered but are moot in view of the new ground(s) of rejection. 

3.1 In addition, Applicant argues that the referenced prior art does not disclose, a 
hash value computed from a resultant CRL (t+n). (see Remarks Pages 7-8) 

There is no disclosure of a "t+n" value in the specification or original claims. If 
Applicant feels there is disclosure for this limitation please indicate the required citation 
for confirmation. As per the specification, a hash (t+1 ) is computed from a CRL (t) and 
CRL (t+1) (see specification paragraph [0022]). The resultant hash is based on a (t+1 ) 
index, which is the same time index for the delta CRL and CRL(t+1 ) list. There does 
not appear to be a generation of a resultant hash based on a (t+n) index where n is 
greater than 1 , which is suggested by applicant's remarks. 

The Pitsos prior art discloses wherein a hash generated from PKI certificate 
information including revocation information. The Pitsos prior art discloses a list of key 
certificates, which have revocation information included for a CRL list. The generated 
list can be a full or partial list of CRL revocation information (a delta CRL). 
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3.2 The examiner has considered the applicant's remarks concerning a PKI 
mechanism operational in a bandwidth-limited environment, which creates a periodic 
chain of PKI, related updates, and designated as a DeltaCRL. Changes in CRLs are 
periodically generated as DeltaCRLs that allow for the iterative generation of an 
updated CRL from a known base CRL and the application of the DeltaCRLs. 

After an additional analysis of the applicant's invention, remarks, and a search of 
the available prior art, it was determined that the current set of prior art consisting of 
Zhao (7,124,295) and Pitsos (7,051,204) discloses the applicant's invention including 
disclosures in Remarks dated July 9, 2007. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

5. Claims 3 - 22 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 

Zhao et al. (US Patent No. 7,124,295) and in view of Pitsos (US Patent No. 

7,051,204). . 

Regarding Claim 3, Zhao discloses a method for coordinating update of certificate 
revocation information in a distributed public key infrastructure (PKI) environment, the 
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method comprising: 

b) computing an update to a local certificate revocation list state by applying the 
received delta CRL to produce a resultant local CRL state; (see Zhao col. 5, lines 
24-32: ) and 

Zhao discloses wherein receiving a delta coded update to a certificate revocation list 
(a delta CRL) together with an associated first hash value, the delta CRL encoding 
an update to a preceding certificate revocation list state CRL(t). (see Zhao col. 3, 
lines 5-10: update CRL) Zhao does not specifically discloses the first hash value 
computed as a function of at least a resultant state CRL(t+n) computable by applying 
the delta CRL to the CRL(t) state, and a second hash value as a function of at least 
the resultant local CRL state and comparing the second and first hash values. 
However, Pitsos discloses: 

a) receiving an associated first hash value, the first hash value computed as a 
function of at least a resultant state CRL(t+n) computable by applying the delta 
CRL to the CRL(t) state; (see Pitsos col. 2, lines 9-19: hash value (first) 
generation; col. 4, lines 27-32: certificate revocation information; col. 4, lines 47- 
51: list of certificate information, signed; col. 5, lines 10-16: comparison 
(verification, validation) of hash (meta hash) values) 

c) validating the update at least in part by computing a second hash value as a 
function of at least the resultant local CRL state and comparing the second and 
first hash values, (see Pitsos col. 2, lines 9-19: hash value generation; col. 4, 
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lines 27-32: certificate revocation information; col. 4, lines 47-51 : list of certificate 
information, signed; col. 5, lines 10-16: comparison (verification, validation) of 
hash (meta hash) values, PKI hash lists) 
It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset 
of PKI certificate information such as a set of revoked certificates or delta set of 
revoked certificates. One of ordinary skill in the art would have been motivated to 
employ the teachings of Pitsos in order to enable the capability to increased secure 
protection of data due to difficulty in reproduction of data protected by a hash 
procedure, (see Pitsos col. 1 , lines 31 -36: "... For signing data a hash value of the 
data is calculated in order to subsequently sign only the hash value of the data. By 
applying a hash algorithm to any given data a single unique hash value is achieved, 
which is much shorter than the data itself. However, it is nearly impossible to create 
data matching a given hash value. ...") 

Regarding Claim 4, Zhao discloses the method of claim 3, further comprising: 
requiring, as a condition precedent to the update, that a transmission that conveys the 
delta CRL include a valid digital signature establishing a trusted source thereof, (see 
Zhao col. 5, lines 39-41: signature attached to delta CRL) 

Regarding Claim 5, Zhao discloses the method of claim 3. (see Zhao col. 3, lines 5- 
10: delta CRL processing system) Zhao does not specifically disclose whereby the first 
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hash value is computed as a function of both the CRL(t) and CRL(t+n) states, and 
wherein the second hash value is computed as a function of both a prior local CRL state 
and the resultant local CRL state. However, Pitsos discloses wherein the first hash 
value is computed as a function of both the CRL(t) and CRL(t+n) states, and wherein 
the second hash value is computed as a function of both a prior local CRL state and the 
resultant local CRL state, (see Pitsos col. 2, lines 9-19: hash value (first, second) 
generation; col. 4, lines 27-32: certificate revocation information; col. 4, lines 47-51 : list 
of certificate information, signed; col. 5, lines 10-16: comparison (verification, validation) 
of hash (meta hash) values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 6, Zhao discloses the method of claim 3, further comprising: 
requesting a CRL update, the request indicating a base t beyond which update is 
desired; and receiving in response to the request, plural delta CRLs including the first 
delta CRL and at least one other delta CRL together, (see Zhao col. 3, lines 5-10: 
request/response for update CRL; Figure 4; col. 5, lines 4-9: multiple delta CRLs) 
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Zhao does not specifically disclose whereby respective associated hash values 
including the first hash value and at least one other hash value, wherein each hash 
value is computed as a function of a respective resultant certificate revocation list (CRL) 
state. However, Pitsos discloses wherein respective associated hash values including 
the first hash value and at least one other hash value, wherein each hash value is 
computed as a function of a respective resultant certificate revocation list (CRL) state, 
(see Pitsos col. 2, lines 9-19: hash value (first, one other) generation; col. 4, lines 27-32: 
certificate revocation information; col. 4, lines 47-51 : list of certificate information, 
signed; col. 5, lines 10-16: comparison (verification, validation) of hash (meta hash) 
values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 7, Zhao discloses the method of claim 6. (see Zhao col. 3, lines 5- 
10: delta CRL generation system) Zhao does not specifically disclose whereby each of 
the hash values is computed as a function of both a respective prior CRL state and the 
respective resultant CRL state from which the associated delta CRL is derived. 
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However, Pitsos discloses wherein each of the hash values is computed as a function of 
both a respective prior CRL state and the respective resultant CRL state from which the 
associated delta CRL is derived, (see Pitsos col. 2, lines 9-19: hash value (each hash 
value) generation; col. 4, lines 27-32: certificate revocation information; col. 4, lines 47- 
51: list of certificate information, signed; col. 5, lines 10-16: comparison (verification, 
validation) of hash (meta hash) values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 8, Zhao discloses the method of claim 6, further comprising: 
performing successive updates to the local certificate revocation list state by applying 
successive ones of the delta CRLs received in response to the request; and validating 
the successive updates based on the respective associated hash values, (see Zhao col. 
5, lines 4-9: multiple deltas CRLs) 

Regarding Claim 9, Zhao discloses the method of claim 6, wherein the base t is a 
temporal index, (see Zhao col. 1, lines 17-19: is a time index for certificate revocation) 
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Regarding Claim 10, Zhao discloses the method of claim 3, further comprising: if the 
validating is unsuccessful, requesting a complete copy of a current certificate revocation 
list, (see Zhao col. 5, lines 27-30: transfer complete copy of CRL (updates appended to 
previous CRL, entire CRL) 

Regarding Claim 11, Zhao discloses a method for coordinating update of certificate 
revocation information in a distributed public key infrastructure (PKI) environment, the 
method comprising: 

a) preparing a first delta coded update to a certificate revocation list (a first delta 
CRL), the first delta CRL encoding an update sufficient to produce a subsequent 
certificate revocation list state CRL(t+n) from a preceding certificate revocation 
list state CRL(t); (see Zhao col. 3, lines 5-10: updated information (delta CRL) for 
CRL (first, second) 

Zhao discloses wherein transmitting the delta CRL, and a base t. (see Zhao col. 3, 
lines 5-10: delta CRL transmitted in reply to request; col. 1, lines 17-19: base t 
(temporal) processing for delta information) Zhao does not specifically disclose 
whereby computing an associated first hash value as a function of at least the 
CRL(t+n) state, and transmitting the associated first hash value in response to a 
request for certificate revocation list update. 
However, Pitsos discloses: 
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b) computing an associated first hash value as a function of at least the CRL(t+n) 
state; (see Pitsos col. 2, lines 9-19: hash value generation; col. 4, lines 27-32: 
certificate revocation information; col. 4, lines 47-51 : list of certificate information, 
signed; col. 5, lines 10-16: comparison (verification, validation) of hash (meta 
hash) values) and 

c) transmitting the associated first hash value in response to a request for certificate 
revocation list update beyond a base t. (see Pitsos col. 2, lines 9-19: hash value 
generation; col. 4, lines 27-32: certificate revocation information; col. 4, lines 47- 
51: list of certificate information, signed; col. 5, lines 10-16: comparison 
(verification, validation) of hash (meta hash) values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset 
of PKI certificate information such as a set of revoked certificates or delta set of 
revoked certificates. One of ordinary skill in the art would have been motivated to 
employ the teachings of Pitsos in order to enable the capability to increased secure 
protection of data due to difficulty in reproduction of data protected by a hash 
procedure, (see Pitsos col. 1, lines 31-36) 

Regarding Claim 12, Zhao discloses the method of claim 1 1 . (see Zhao col. 3, lines 5- 
10: delta CRL processing system) Zhao does not specifically disclose whereby the first 
hash value is computed as a function of both the CRL(t) and CRL(t+n) states. However, 
Pitsos discloses wherein the first hash value is computed as a function of both the 


Application/Control Number: 1 0/726,841 Page 1 1 

Art Unit: 2136 

CRL(t) and CRL(t+n) states, (see Pitsos col. 2, lines 9-19: hash value (first) 
generation; col. 4, lines 27-32: certificate revocation information; col. 4, lines 47-51 : list 
of certificate information, signed; col. 5, lines 10-16: comparison (verification, validation) 
of hash (meta hash) values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 13, Zhao discloses the method of claim 1 1 , further comprising: 
receiving a CRL update request indicating a base t beyond which update is desired; and 
transmitting in response to the request, plural delta CRLs including the first delta CRL 
and at least one other delta CRL together with respective, (see Zhao col. 3, lines 5-10: 
delta CRL request/response; col. 1, lines 17-19: base t (time index) processing; col. 5, 
lines 4-9: multiple delta CRLs) Zhao does not specifically disclose whereby associated 
hash values including the first hash value and at least one other hash value, wherein 
each hash value is computed as a function of at least a respective resultant certificate 
revocation list (CRL) state from which the associated delta CRL is derived. However, 
Pitsos discloses wherein associated hash values including the first hash value and at 
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least one other hash value, wherein each hash value is computed as a function of at 
least a respective resultant certificate revocation list (CRL) state from which the 
associated delta CRL is derived, (see Pitsos col. 2, lines 9-19: hash value (associated, 
first, one other) generation; col. 4, lines 27-32: certificate revocation information; col. 4, 
lines 47-51: list of certificate information, signed; col. 5, lines 10-16: comparison 
(verification, validation) of hash (meta hash) values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 14, Zhao discloses the method of claim 13. (see Zhao col. 3, lines 5- 
10: delta CRL processing system) Zhao does not specifically disclose whereby each of 
the hash values is computed as a function of both a respective prior CRL state and the 
respective resultant CRL state from which the associated delta CRL is derived. 
However, Pitsos discloses wherein each of the hash values is computed as a function of 
both a respective prior CRL state and the respective resultant CRL state from which the 
associated delta CRL is derived, (see Pitsos col. 2, lines 9-19: hash value (each) 
generation; col. 4, lines 27-32: certificate revocation information; col. 4, lines 47-51: list 
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of certificate information, signed; col. 5, lines 10-16: comparison (verification, validation) 
of hash (meta hash) values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 15, Zhao discloses the method of claim 13, further comprising: 

a) performing successive updates to the local certificate revocation list state by 
applying successive ones of the delta CRLs received in response to the request; 
(see Zhao col. 5, lines 4-9: update CRL information with multiple delta CRLs) and 

Zhao does not specifically disclose whereby validating the successive updates 
based on comparison of the associated hash values with respective locally 
computed hash values. 
However, Pitsos discloses: 

b) validating the successive updates based on comparison of the associated hash 
values with respective locally computed hash values, (see Pitsos col. 2, lines 9- 
19: hash value (associated, locally) generation; col. 4, lines 27-32: certificate 
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revocation information; col. 4, lines 47-51 : list of certificate information, signed; 
col. 5, lines 10-16: comparison (verification, validation) of hash (meta hash) 
values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset 
of PKI certificate information such as a set of revoked certificates or delta set of 
revoked certificates, and perform verification and validation of hash value(s). One 
of ordinary skill in the art would have been motivated to employ the teachings of 
Pitsos in order to enable the capability to increased secure protection of data due to 
difficulty in reproduction of data protected by a hash procedure, (see Pitsos col. 1 , 
lines 31-36) 


Regarding Claim 16, Zhao discloses a system comprising: 

a) first and second validation authorities (VAs) communicatively coupled to 

propagate certificate revocation list (CRL) information; (see Zhao col. 2, lines 44- 
46: certification authority (validation authorities)) 

Zhao discloses wherein the first VA configured to prepare delta CRLs in 
correspondence with updates from a certificate authority (CA), each delta CRL 
encoding a respective update sufficient to produce a next certificate revocation list 
state CRL(t+n) from a preceding certificate revocation list state CRL(t); (see Zhao 
col. 2, lines 44-46: multiple Certificates Authorities (VAs); col. 3, lines 5-10: generate 
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a delta CRL based on a request) And, Zhao discloses wherein the second VA 
configured to receive the delta CRLs from the first VA, to calculate based thereon 
updates to local certificate revocation list states by applying the received delta CRL 
to produce a resultant local CRL state, (see Zhao col. 2, lines 44-46: multiple 
Certificate Authorities (VAs); col. 2, lines 57-62: apply delta CRL to produce resultant 
CRL) Zhao does not specifically disclose whereby the first VA further configured to 
compute respective first hash values as a function of respective sequentially 
adjacent pairs of states CRL(t) and CRL(t+n), and to validate each update based at 
least in part on comparison of respective first hash values received from the first VA 
with second hash values computed as a function of respective prior local CRL states 
and resultant local CRL states. 
However, Pitsos discloses: 

b) wherein further configured to compute respective first hash values as a function 
of respective sequentially adjacent pairs of states CRL(t) and CRL(t+n). (see 
Pitsos col. 2, lines 9-19: hash value generation; col. 4, lines 27-32: certificate 
revocation information; col. 4, lines 47-51 : list of certificate information, signed; 
col. 5, lines 10-16: comparison (verification, validation) of hash (meta hash) 
values) 

c) wherein to validate each update based at least in part on comparison of 
respective first hash values received from the first VA with second hash values 
computed as a function of respective prior local CRL states and resultant local 
CRL states, (see Pitsos col. 2, lines 9-19: hash value generation; col. 4, lines 27- 
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32: certificate revocation information; col. 4, lines 47-51 : list of certificate 
information, signed; col. 5, lines 10-16: comparison (verification, validation) of 
hash (meta hash) values) 
It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset 
of PKI certificate information such as a set of revoked certificates or delta set of 
revoked certificates and validate generated hash values. One of ordinary skill in the 
art would have been motivated to employ the teachings of Pitsos in order to enable 
the capability to increased secure protection of data due to difficulty in reproduction 
of data protected by a hash procedure, (see Pitsos col. 1 , lines 31-36) 

Regarding Claim 17, Zhao discloses the system of claim 16, wherein transmission of a 
given delta CRL and its associated first hash value are secured using a digital 
signature, (see Zhao col. 5, lines 39-41 : digital signature utilized for security) Zhao 
does not specifically disclose whereby a first hash value. However, Pitsos discloses 
wherein a first hash value, (see Pitsos col. 2, lines 9-19: hash value (first) generation; 
col. 4, lines 27-32: certificate revocation information; col. 4, lines 47-51: list of certificate 
information, signed; col. 5, lines 10-16: comparison (verification, validation) of hash 
(meta hash) values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
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certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 18, Zhao discloses the system of claim 16, wherein the delta CRLs 
and associated first hash values are received via an intermediary, (see Zhao col. 5, 
lines 24-27: remote server (intermediary) received delta CRLs) Zhao does not 
specifically disclose whereby first hash values. However, Pitsos discloses wherein first 
hash values, (see Pitsos col. 2, lines 9-19: hash value (first) generation; col. 4, lines 27- 
32: certificate revocation information; col. 4, lines 47-51: list of certificate information, 
signed; col. 5, lines 10-16: comparison (verification, validation) of hash (meta hash) 
values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 19, Zhao discloses a computer program product encoded in one or 
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more media and including instruction sequences executable on a processor of a system 
that hosts a validation authority to perform the receiving, computing and validating steps 
of claim 3. (see Zhao col. 6, lines 33-41: software implementation, instructions) 

Regarding Claim 20, Zhao discloses a computer program product encoded in one or 
more media and including instructions sequences executable on a processor of a 
system that hosts a validation authority to perform the preparing, computing and 
transmitting steps of claim 10. (see Zhao col. 6, lines 33-41: software implementation, 
instructions) 

Regarding Claim 21, Zhao discloses a computer readable encoding of a delta CRL, the 
computer readable encoding encoded, at least transiently in a medium, and comprising: 
a) delta coded certificate revocation list (CRL) update data that allows a receiving 
validation authority to generate an updated CRL by applying the delta coded CRL 
update to a previous CRL state; (see Zhao col. 3, lines 5-10: generate a delta 
CRL list) 

c) a digital signature establishing identity of a source of the computer readable 
encoding, (see Zhao col. 5, lines 39-41: digital signature appended) 

Zhao does not specifically discloses whereby a self-validating indicator encoding a 
hash computed not as a function of the delta coded CRL update itself, but rather as 
a function of the next certificate revocation list state CRL(t+n) which may be 
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generating by applying the delta coded CRL update to a previous certificate 
revocation list state CRL(t). 
However, Pitsos discloses: 

b) a self-validating indicator encoded in association with the delta coded CRL 
update, the self-validating indicator encoding a hash computed not as a function 
of the delta coded CRL update itself, but rather as a function of the next 
certificate revocation list state CRL(t+n) which may be generating by applying the 
delta coded CRL update to a previous certificate revocation list state CRL(t); 
(see Pitsos col. 2, lines 9-19: hash value generation; col. 4, lines 27-32: 
certificate revocation information; col. 4, lines 47-51 : list of certificate information, 
signed; col. 5, lines 10-16: comparison (verification, validation) of hash (meta 
hash) values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing as a 
validation indication subset of PKI certificate information such as a set of revoked 
certificates or delta set of revoked certificates and validation of generated hash 
values. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Regarding Claim 22, Zhao discloses the computer readable encoding of claim 21 . 


Application/Control Number: 10/726,841 Page 20 

Art Unit: 2136 

(see Zhao col. 3, lines 5-10: delta CRL information processing system) Zhao does not 
specifically disclose whereby the encoded hash is computed as a function of both the 
next state CRL(t+n) and the previous state CRL(t). However, Pitsos discloses wherein 
the encoded hash is computed as a function of both the next state CRL(t+n) and the 
previous state CRL(t). (see Pitsos col. 2, lines 9-19: hash value generation; col. 4, lines 
27-32: certificate revocation information; col. 4, lines 47-51: list of certificate information, 
signed; col. 5, lines 10-16: comparison (verification, validation) of hash (meta hash) 
values) 

It would have been obvious to one of ordinary skill in the art to modify Zhao as 
taught by Pitsos to enable the capability to generate a hash value utilizing a subset of 
PKI certificate information such as a set of revoked certificates or delta set of revoked 
certificates. One of ordinary skill in the art would have been motivated to employ the 
teachings of Pitsos in order to enable the capability to increased secure protection of 
data due to difficulty in reproduction of data protected by a hash procedure, (see 
Pitsos col. 1, lines 31-36) 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
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MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 x CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 


Application/Control Number: 10/726,841 Page 22 

Art Unit: 2136 

USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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